php form issue with mysql

Question

I am trying to write a little project management webapps as a newby - I do appologise for this but I could not find any near...

So I have x type of project which can be select and load through AJAX.

Every type has at least 2-3 steps to complete them so I need more php pages.

I have spent lots of time to figure it out but it is time to ask someone who knows the answer.

Question: When User presses the Submit button I need to check if all the input box are correct and then save to a SQL table and then move to the next page if any of these would fail I have to stop.

code:

<form id="pdf" method="post">
New project name:<input type="text" name="pr-name" placeholder="new project name..."><br/>
New project end date:<input type="text" name="pr-end" placeholder="date..."><br/>

<textarea class="ckeditor" name="pagecontent"  id="pagecontent"></textarea>

<?php
    include_once "ckeditor/ckeditor.php";
    $CKEditor = new CKEditor();
    $CKEditor->basePath = 'ckeditor/';

   // Set global configuration (will be used by all instances of CKEditor).
   $CKEditor->config['width'] = 600;   
    // Change default textarea attributes
   $CKEditor->textareaAttributes = array(“cols” => 80, “rows” => 10);

   $CKEditor->replace("pagecontent");


$sbmt_caption = "continue ->";
if ($_POST["submit_name"]==$sbmt_caption)
{ 
  $prname = mysql_real_escape_string ($_POST["pr-name"]);
  $prend = mysql_real_escape_string ($_POST["pr-end"]);
  $prmenu = "pdf";
  $prcontent = mysql_real_escape_string ($_POST["pagecontent"]);
  $sql = "INSERT INTO projects (pr-name,enddate, sel, content) VALUES('$prname','$prend', '$prmenu', '$prcontent')";

  $result = mysql_query($sql);
  if (!$result){
  echo mysql_error();
  }
}
?>

"/>

this code with the mysql_query bit even doesn't work for me some reason.

Could anyone give me some hint?

Answer 1

First u should have a client side validation code in javascript to validate the inputs entered by the client is valid or not and u can stop him without sending a request to the server. This reduces the waiting time of the user.

Answer 2

Four tips:

1. Check if your query success and ouput errors if any with

   $result = mysql_query($sql);
   if (!$result){
        echo mysql_error();
   }
   

2. Use prepared statements instead of direct embedding parameters into a query string

   $stmt = $pdo->prepare("INSERT INTO projects (pr-name,enddate, sel, content) VALUES(?,?,?,?)");
   $stmt->execute(array($prname,$prend, $prmenu, $prcontent))
   

3. Use $_POST instead of $_REQUEST. $_REQUEST array is build up from cookie,get,post and session according to variables_order php.ini directive, so you may just get your values overwritten.

4. your submit button is not posted at all. So add name attribute to it and check it in your if statement. Also, don't use just plain string continue ->. Store it in the variable and use it.

   $sbmt_caption = "continue ->";
   if ($_POST["submit_name"]==$sbmt_caption){
       //your processing here
   }
   
   <input id="submitButton" name="submit_name" type="submit" value="<?php echo $sbmt_caption?>"/>
   

Answer 3

You need to give the submit-button a "name" and check the existency of that name in your second code on line 2, not the "value".